Opening Speech

Year of the #WiFiCactus

The #WiFiCactus is a wireless monitoring tool that is capable of listening to 50+ channels of WiFi at the same time. This talk will discuss the events and data from the last year traveling with the #WiFiCactus including warwalking at DEF CON.

Technical

10:30 - 11:00

Stealing Traffic: Analyzing a Mobile Fraud

In this talk, the speaker will show how a popular app with over 10 million downloads can steal mobile traffic. The concept of “Click Injection”, a commonplace AdTech fraud technique, will be introduced to the audience. Afterwards, the speaker will go through the process of reverse engineering an app that was suspected of conducting click injections.

Lunch break

You're right, this talk isn't really about you!

In this presentation, we will discuss topics related to human behaviour, which need to be modified for the sake of better security. A mirror will be held up to our industry as we inspect how we can better teach and interact with others.

Business

15:00 - 15:45

The challenge of building a secure and safe digital environment in healthcare

The importance of security and privacy, of keeping data safe in healthcare, is huge. We also need to be aware that a criminal can harm the patient in many different ways and for many different reasons, with the goal of harming them but also by accident, simply because we made everything digital and put and connected everything online without thinking about the need to make it safe and secure.

Business

16:00 - 16:45

Threat Hunting: From Platitudes to Practical Application

We’ll talk about hunting in network as well as endpoint environments, and even who the right people on your team are to be your hunters. And finally, we’ll discuss several examples of security failures and data exposure found during actual threat hunting engagements on the networks of Black Hat and the RSA Conference.

Technical

17:00 - 17:30

Hacking at the ECSC

In this talk we'll cover what a Capture the Flag event is and why they can be so fun and educational to play. I'll tell you about my experience at the European Cyber Security Challenge 2018 and get into some demos on the tasks that we had to solve.

Technical

Friday, 9th November - Bucharest Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical

09:00 - 09:45

What happened behind the closed doors at MS

In the year 2000 several Microsoft sites were hacked by a Dutch hacker named Dimitri. Several subdomain servers, such as windowsupdate.microsoft.com, 128download.microsoft.com, events.microsoft.com and so on, were hacked, not once but twice in a short period of time. A secret meeting with Dimitri was planned by Microsoft. Why was it secret? What actually happened behind the closed doors at MS? And why is it still a secret even after 18 years? This presentation includes some Mystery, Drama, Action & NSFW.

Technical

10:00 - 10:45

Building application security with 0 money down

In this presentation we will share our experience in building an application security process from the ground up.
Secure development lifecycle models are well publicized. They seem to be self-explanatory on what needs to be done: threat modeling, composition analysis, static code analysis etc.

Technical

10:45 - 11:15

Coffee Break

11:15 - 12:00

Backdooring DVR/NVR devices

Although attacking embedded devices is an old technique, it is an easy and proven one, and because of this some well-known researchers came up with an idea called the NSA Playset, which introduces different kinds of tools that researchers and security fellows can take advantage of to support their research, study or attacks. In this talk, we take these ideas as a reference and implement a hardware backdoor by taking advantage of hardware hacking skills. Through this hardware backdoor, we can track devices, access a root shell from anywhere and stream fake videos/images on the console, Hollywood style.

Technical

12:15 - 12:45

AutoHotKey Malware – The New AutoIT

AutoHotkey is an open-source scripting language for Windows that provides easy ways for users of most levels of computer skill to automate tasks in Windows applications through keyboard shortcuts, fast macro-creation, and software automation. In this talk I will be showing ways that this tool can be used for malicious purposes, from droppers to keyloggers, and the OPSEC failures that their authors made.

Technical

12:45 - 14:00

Lunch break

14:00 - 14:30

Back to the future: how to respond to threats against ICS environments.

We start with mostly manual collection, archival, meta-information extraction and cross-validation of more than 637 unique resources related to IoT malware families. These resources relate to 60 IoT malware families, and include 260 resources related to 48 unique vulnerabilities used in the disclosed or detected IoT malware attacks. We then use the extracted information to establish as accurately as possible the timeline of events related to each IoT malware family and relevant vulnerabilities, and to outline important insights and statistics. For example, our analysis shows that the mean and median CVSS scores of all analyzed vulnerabilities employed by the IoT malware families are quite modest yet: 6.9 and 7.1 for CVSSv2, and 7.5 and 7.5 for CVSSv3 respectively.

Technical

16:45 - 17:30

DefCamp 2018 - Awards Ceremony

DEFCAMP CAPTURE THE FLAG (D-CTF)

DEFEND THE CASTLE

ARIADNE’s THREAD CTF 3.0

8bit HACK

DOWN THE RABBIT HOLE

BOB, THE HACKER BOT

IoT VILLAGE

CRITICAL INFRASTRUCTURE ATTACK

HACK THE BANK

TARGET JOHN

LOCK PICKING VILLAGE

EA - LAZY DAVE

PASSPORT TO PRIZES

Technical

Thursday, 8th November - Roma Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical

09:00 - 10:15

WiFi practical hacking "Show me the passwords!"

There will be no wasting time on purely theoretical approaches or WEP that nobody uses nowadays. In contrast to other talks, it will be focused purely on the practical side: what can actually be done with affordable equipment. The primary focus will be on obtaining clear text passwords to both home and corporate networks.

Technical

10:30 - 11:00

Drupalgeddon 2 – Yet Another Weapon for the Attacker

With over 1,000,000 websites on the Web, Drupal is one of the most popular Content Management Systems out there. This makes Drupal a juicy target for malicious actors. A recently discovered vulnerability in the Drupal Core Project effectively allows an attacker to gain remote code execution on the target server. How can this vulnerability be exploited? How can an attacker make use of such a tool? These are some questions that this talk will attempt to answer.

Technical

11:00 - 11:30

Coffee Break

11:30 - 12:15

Catch Me If You Can - Finding APTs in your network

APT attacks have traditionally been associated with nation-state players. But in the last few years, the tools and techniques used by a few APT actors have been adopted by various cybercriminal groups.
In this talk we will walk through an APT intrusion, exemplifying techniques used by threat actors to compromise enterprise networks and achieve their goals. We will also approach the defender side highlighting detection methods and countermeasures.

Technical

12:30 - 13:00

From Mirai to Monero – One Year’s Worth of Honeypot Data

Mihai Vasilescu - Senior Security Research Engineer at Ixia, a Keysight business

Adrian Hada - Senior Security Research Engineer at Ixia, a Keysight business

With the end of 2016 seeing the explosion of the Mirai malware with source-code included, 2017 saw more and more DDoS botnets based on the original or modified Mirai code. At the same time, another fad appeared: cryptomining on infected machines, with Monero mining becoming an important means for malware authors to make money with less overall risk involved. This presentation will focus on what we’ve seen in our honeypots in the past year – the threats involved, abused exploits and applications as well as other interesting data for the people involved in threat intelligence, operations and security roles.

Technical

13:00 - 14:00

Lunch Break

14:00 - 14:45

Weaponizing Neural Networks. In your browser!

Our Proof-of-Concept (POC) proves that neural networks can be used for irreversibly hiding malicious code, thus making any static code-scanner blind to the data that is being delivered through the browser. Also, dynamic analysis of code can be misled by making the network respond to different seeds in different ways (i.e. generate music for one seed and malicious code for another).

Technical

15:00 - 15:45

In search of unique behaviour

A walk through multiple attack scenarios seen in our protected environments, hunting and dissecting different infection vectors with unique modus operandi for payload delivery and persistence followed by intel reporting and detection.

Technical

16:00 - 16:45

How to Fuzz like a Hacker

This presentation will focus on methods that can be applied to optimize the fuzzing process and make it more efficient. It includes tools and strategies like: Address Sanitizer, different distribution strategies, instrumentation and hardware advantages (depends on architecture). All those examples will be presented based on the current open-source leader, AFL.

Technical

17:00 - 17:30

Lattice based Merkle for post-quantum epoch

Scientists are actively working on the creation of quantum computers. Quantum computers can easily solve the problem of factoring large numbers. Because of this, quantum computers are able to break the RSA cryptosystem, which is used in many products. We propose to use a lattice-based hash function as the hash function, and a lattice-based one-way function as the one-way function, in hash-based digital signature schemes.

Technical

Friday, 9th November - Roma Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical

09:00 - 09:45

Red, Blue and Purple Teaming Deep Dive

Questions remain over an enterprise's cyber security posture, the current level of the threat landscape and the inherent risk profile of the organization. Building a next generation cyber security operations center (CSOC 2.0) is one of the ways in which organizations can build a better cyber defense mechanism across the organization.

10:00 - 10:45

Timing attacks against web applications: Are they still practical?

We will look into several web solutions that can be proven susceptible to such attacks, the resources required to execute an attack, the likelihood of arousing suspicion and more.
We will also demonstrate a real-time attack against a remotely hosted application that runs a well-known and widely used CMS. Our example represents an efficient method that improves the likelihood of exploiting a non-constant-time function in a PHP-based product.

Lunch break

Bridging the gap between CyberSecurity R&D and UX

If you want to understand how security products are designed, why some of those uninspired messages make it into product interfaces, or you’re simply curious about how these things work, then here’s your product manager’s guide through a cybersecurity company.

We have been exploring the security of mobile signaling for years. 2G, 3G and then 4G+, all the generations of protocols proved to be similarly vulnerable. However, the existence of a vulnerability doesn’t automatically mean it is being exploited in the wild. Having conducted more than 60 security assessments of mobile operators’ signaling networks, and based on the experience of security monitoring projects, we gathered more than enough info to share with the world. What are the hackers up to? What is the state of network security? How and which methods allow hackers to bypass evolving security measures? I will explore the most interesting cases in technical detail.

Technical

15:45 - 16:30

We will charge you. How to [b]reach vendor’s network using EV charging station.

This talk is focused on the research of one of the EV chargers intended for SOHO usage. It contains different wireless interfaces as well as a mobile application for remote control. During our research, we have found multiple security issues that could give a remote adversary the ability to take control of the charger and the possibility to compromise the vendor’s backend infrastructure.

Technical

16:45 - 17:30

Secure and privacy-preserving data transmission and processing using homomorphic encryption

Razvan Bocu - Lecturer and Researcher at Dept. of Mathematics and Computer Science, Transilvania University of Brasov

Hardware and software solutions for the collection of personal health information continue to evolve. The reliable gathering of personal health information, previously usually possible only in dedicated medical settings, has recently become possible through wearable specialized medical devices. Among other drawbacks, these devices usually do not store the data locally and offer, at best, limited basic data processing features and few advanced processing capabilities for the collected personal health data. In this presentation, we describe an integrated personal health information system that allows secure storage and processing of medical data in the cloud by using a comprehensive homomorphic encryption model to preserve data privacy.

Technical

Thursday, 8th November - Vienna Room

08:00 - 09:00

Registration

Pick up your badge & grab your coffee.

Technical

09:00 - 09:30

The Hitchhiker's Guide to Disinformation, Public Opinion Swinging and False Flags

Implementation of information security techniques on modern android based Kiosk ATM/remittance machines

ATM machines are rapidly developing and are finding new applications, from bill payments to online fund transfers. Everything is getting smart in the modern world and ATMs are no exception in this regard. The natural choice of manufacturers for making ATMs smart is to connect their functions to an Android-based system. However, Android-based applications are inherently vulnerable and can be exploited by external attackers or by internal malicious users.

Technical

10:30 - 11:00

Burp-ing through your cryptography shield

What do you do when Burp is failing you, when even Google is failing you?
This presentation describes the approach to a problem encountered during an application test. What can you do when the application sends encrypted requests?
You find the encryption-key creation code, realize it’s broken, and then proceed to build a Burp Extension that allows you to intercept, decrypt, modify and re-encrypt the requests.

Technical

11:00 - 11:30

Coffee Break

This talk imparts knowledge on Windows required to understand privilege escalation attacks. It describes the most relevant privilege escalation methods and techniques and names suitable tools and commands. These methods and techniques have been categorized, included into an attack tree and were tested and verified in a realistic lab environment. Based upon these results, a systematic and practical approach for security experts on how to escalate privileges was developed.

Technical

12:30 - 13:00

Mobile, IoT, Clouds… It’s time to hire your own risk manager!

This talk is about how to use different techniques (including forensics) to break into data of mobile devices to define and quantify the severity of issues found by these methods. Some examples will be shown on popular apps everyone uses daily, some cases of various apps to highlight the exciting problems.

Business

13:00 - 14:00

Lunch Break

14:00 - 14:45

CPU vulnerabilities - where are we now?

Recently discovered side-channel vulnerabilities in processors and memory modules (such as Meltdown, the Spectre family or Rowhammer) require us to rethink fundamental assumptions of operating system design – we can no longer take proper memory management for granted. Today’s predictable operating system behavior may eventually be leveraged to leak information helping attackers. This talk gives a high-level overview of publicly known side-channel attacks as well as proposed defense strategies. We discuss how such attacks can (realistically) help intruders as well as the side-effects of stopping them.

Technical

15:00 - 15:30

OSSTMM: The “Measure, Don’t Guess” Security Testing Methodology

With version 4.0 of OSSTMM about to hit the metaphorical shelves, it is a good time to have a closer look at what the methodology can offer both when used as a whole and when only some parts are utilized during a security test. Which is what we’ll do in this talk.

Technical

15:30 - 15:45

Open Directories: Sensitive data (not) hiding in plain sight

As a part of long-term research into the security of Czech and Slovak Internet (.CZ and .SK domains and/or IP addresses geolocated within CZ or SK), ALEF CSIRT conducted an analysis of data from several thousand freely accessible open directories. Many files from these directories turned out to be quite interesting as Jan will discuss during his talk.

Technical

16:00 - 17:30

Panel - CPU vulnerabilities, how to resist future attacks, new technologies and future trends in IT Security

This talk is based on the presenter’s recent master’s thesis and hence will deal with the application of machine learning to password list generation to create human-like password dictionaries using character-based Recurrent Neural Networks. Furthermore, it will show that an attacker can facilitate machine learning to generate tailored password lists for specific victims by training a model on password creation schemes of other people in combination with user data of the victim. Additionally, a machine learning classification method will be presented to identify human-generated passwords.

Technical

10:00 - 10:45

The charter of Trust

The digital world is changing everything. Billions of devices are connected by the Internet of Things. That holds great potential for everyone, but also great risk. The risk of exposure to cyber-attacks. The risk of losing control over the systems that run our infrastructures. Cybersecurity is and has to be more than a seat belt or an airbag for our data; it’s a factor that’s crucial to the success of the digital economy. People and organizations need to trust that their digital technologies are safe and secure; otherwise they won’t embrace the digital transformation. That’s why we are developing a Charter of Trust bearing the principles that are fundamental to a secure digital world.

Business

10:45 - 11:15

Coffee Break

11:15 - 12:00

Between Hype and Need

Is Big Brother really watching while you master baits for your next fishing trip? Are you as outraged as everyone else about the Snowden revelations? Is privacy really a myth?
In this session we’ll learn exactly what data we should consider as already compromised, what and how to prioritise when it comes to our personal privacy and, of course, even more myths about privacy debunked for a more informed you in your day to day life.
Make sure to bring your game for the end of the talk when, depending on how much time we have left, we’ll try to have a quick debate on this.

Lunch Break

Intro to Reversing Malware

Malware is any software intentionally designed to abuse the capability of its system API to cause damage to a computer, server or computer network. In this talk, the speaker will demonstrate the tooling and methodology used to reverse malware and understand its limits. This is a beginner-friendly talk that requires basic programming knowledge.

Technical

14:45 - 15:00

(Lightning Talk) Tor .onions: The Good, The Rotten and The Misconfigured

How can you make use of Tor in your day to day life? And what dangers do you expose yourself to when browsing it? What kind of people are there? What are they doing in such a shady place? What are they trying to do to you? And the most important question of all, do they fry the onions or eat them raw?
Let us hold hands together with a Chrome Headless based .onion crawler and scuba dive into the magical wonderland of the Darknet. We will find answers to all questions you have and don’t have.

Adrian Hada - Senior Security Research Engineer at Ixia, a Keysight business

Phishing attempts are generally met with only a limited measure of success – phishing attempts might get blocked or users might not be tricked by the attempt. Threat actors generally reuse the same phishing page template, customized for multiple targets, which they try to deploy at scale to increase their chances of success. Given the high amount of similarity between phishing pages, we can use near-similarity measures to identify phishing pages. This is a quick overview of how such an approach would work and its success rate in identifying phishing pages.

Technical

15:15 - 15:30

(Lightning Talk) Applying Honey to the Pot - The Saga of Port 5555

Starting as a developer’s best friend, the Android Debug Bridge has slowly turned into a security nightmare over the years. While having an open port available for debugging your application over the internet sounds great, forgetting to turn off that service in a production environment can spell big trouble for you or even the consumers using said products. The Android Debug Bridge protocol was initially designed for accessing various critical services of an Android device over USB. As time passed, it also got encapsulated over TCP/IP, opening up port 5555 for a remote debugger to attach itself. From a security standpoint, however, no improvements have been made, and a remote attacker can freely connect and exploit a device over the air. This is why I started developing a low interaction honeypot to catch this kind of attack following a surge in hits on that specific port in our sensors. Shortly after deployment on only one machine, I started getting hits right off the bat. In the presentation I’ll be discussing the development procedure for the honeypot from the ground up as well as dissecting the ADB protocol in order to enable researchers to more easily implement their own honeypots.

Economical Denial of Sustainability in the Cloud (EDOS)

With the rise of the Cloud, many enterprises are able to cut down their IT budget and gain flexibility by moving infrastructure, services and application development to the Cloud. But how safe are they? And at what scale do the economic losses of cyber attacks increase when websites such as banking, online stores and social media platforms are moved to the Cloud? How can companies protect themselves? With a focus on one of the most costly dangers in the Cloud, which is the Economical Denial of Sustainability attack, this presentation tries to answer all of the above questions and give an insight into how such security problems can be prevented and addressed.